RSS Feed Sign-Up

Lazy Passwords, Online Brokers, and WiFi Don't Mix

I don't know if you NJ residents saw this last Wednesday in the Star Ledger. It is an article called Cyber-thieves Show Risk in Internet Investing and it highlights how TD Ameritrade and E*Trade both had customers who had their accounts fraudulently accessed to the tune of $4 million and $18 million respectively. According to the article, there were two methods that caused customers of these brokers to lose money. The first is the one you'd suspect - people get access to your account and liquidate it, while the second involves selling stock after using the victim's account to pump the stock up. At first, I thought, ho hum article, but then I had lunch with an old friend and now think this story has a little more legs to it.

The first criminal act is pretty straight forward, but lets take a look at the second act - pumping and dumping stock. Here's what my friend told me the other day:

Cyber-thieves, mostly the over-seas kind (Eastern Europe, Asia), monitor WiFi hotspots and public PCs with software that can capture keystrokes.

The cyber-thieves of course would love to get your passwords for your financial accounts, but any account will work. Why? They know your secret which is you are too lazy to setup multiple passwords and will recycle the same one over and over again.

So, you log onto your MSN Mail account, they get your password and then try it over at other accounts. Of course, they'll need an account number, but if they can go to such lengths to get your password they certainly can get your account number.

Now, they get into your account and use your funds to buy cheap penny stocks which they also hold in their own brokerage account.

Since the penny stocks don't have a ton of volume, they can pump the stock up by using your account to buy tons of this penny stock and then dump their shares making a nice profit.

At the end of the day, you have your identity compromised and worthless stock in your portfolio.

When TD Waterhouse and Ameritrade were merging, we worked on an email that we were going to send to customers of both of these brokers that basically said, how safe is your money in a merger? Thankfully, it was scrapped because a few weeks later we were being acquired by E*Trade. However, the strategy behind that email is valid. How safe is your money when it is being moved? Are your account numbers being mailed to you? How about your password? Do you know how to login to your new account and how secure is it? So, here are my suggestions to you as a veteran of the online brokerage world for 5 years to help you navigate this area:

Change your PASSWORDS or at least come up with a different ones for your financial accounts. Don't use these passwords.

Set your portfolio up at your favorite financial website (Yahoo Finance) so you can track your positions in real time

Never, I repeat, never use a free WiFi location to access your actual financial website. You know that warning you get about the access being unsecure? Well it is. Use #2 above to track at these WiFi spots.

Be very cautious about emails from your financial services company. In fact, turn them off altogether (yes I wrote that). These emails can be phished so that you receive what looks like a legitimate email but it is in fact loaded with links that take you to a website where they steal your keystrokes. That's why I think financial services companies should be using secure RSS feeds for communicating.

Watch your accounts at least once per week. Besides being the bare (and I mean bare) minimum for investing, you should monitor it regularly for possible use.

Choosing your online broker or bank should be based primarily on security. With stock transactions fees in the under $10 range, and unless you are an Active Trader, what difference should that mean to you especially if you buy big enough lots. Research and tools? Well that is nice, but you can always go elsewhere and besides how much do you rely on that research versus Bob at the water cooler?

Put your money in places that are secure and change your passwords. Security sounds boring and often doesn't make for good advertising (unless your are Citi), but it is all that really matters when it comes to your money. Oh wait, one more thing also matters - change your passwords.

PardonMyFrench,

Eric

Comments

Verify your Comment

Previewing your Comment

Posted by:
|

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:

Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Stuff

Search

Copyright 2005-09 by Eric Frenchman LLC. All content on Pardonmyfrench.net, pardonmyfrench.typepad.com and EricFrenchman.com, including text, graphics, logos, and images, and the selection and arrangement thereof, is the exclusive property of Eric Frenchman LLC or its licensors and is protected by U.S. and international copyright laws. All trademarks appearing on Pardonmyfrench.net, pardonmyfrench.typed.com, and ericfrenchman.com are the property of their respective owners. All articles posted are intended for the personal, non-commercial use of Pardonmyfrench.net, pardonmyfrench.typed.com, and ericfrenchman.com visitors, provided, however, that all copyright and other proprietary notices displayed with such articles are fully retained. All rights not expressly granted are reserved.